What Is a Serverless Framework?

A serverless framework is a set of services that enables DevOps teams to build and write code without needing to manage the underlying infrastructure required for application development. There are still servers involved in serverless development, but they are provisioned, configured, maintained, and updated by a cloud services provider.

A serverless framework scales automatically. Customers do not reserve or pay for a fixed number of servers, but rather are charged based on the amount of computation required. Deployed in containers, serverless apps launch automatically whenever they are called. The cloud services provider is responsible for ensuring that apps have the resources they need and that DevOps teams can build and run software at will.

Common serverless frameworks include AWS Lambda, Microsoft Azure Functions, and Google Cloud Functions.

How does serverless computing work?

With a serverless framework, developers write front-end application code and business logic and deploy it in containers managed by the cloud service provider. The cloud provider is responsible for spinning up and provisioning the required resources on demand whenever code is executed, then scaling back to zero when execution stops. Providers also handle all tasks related to configuring servers, applying patches, balancing loads, and managing security for the underlying server infrastructure.

Common serverless use cases include business process automation, chatbots, media processing, Internet of Things (IoT), and building APIs for web applications.

What is a function as a service (FaaS)?

FaaS is a type of cloud computing service that also lets developers build, run, and manage modular pieces of code as functions, without needing to manage the underlying infrastructure. FaaS lets developers run event-triggered applications on the edge and on demand, paying for server processes only while the application is running. These capabilities make it easy to scale code and implement microservices cost-efficiently.

What are the benefits of a serverless framework?

A serverless framework offers significant advantages to DevOps teams over alternative environments.

Reduced cost. Because a serverless framework charges only for the compute time needed to run applications, organizations end up paying less than for other cloud-based services in which servers are constantly running and must be managed on an ongoing basis.
Easier scalability. Serverless frameworks can scale easily to accommodate spikes in demand and new business opportunities, without DevOps teams needing to worry about managing servers or security as operations scale up.
Faster time to market. Serverless environments can be provisioned in minutes or hours, enabling organizations to accelerate their speed to market.
Less latency. With serverless architecture, code can run on any server, including edge servers that are closer to end users to minimize latency.
Greater flexibility. Serverless platforms enable DevOps teams to build apps in any language or development framework.

What are the disadvantages of a serverless framework?

Security concerns. Since cloud service providers are responsible for maintaining the security of serverless environments, organizations may not have full visibility into security.
Difficulties testing and debugging. Because developers do not have visibility into back-end processes, testing and debugging code may be more complicated.
Long-running processes. While serverless is ideal for running short-duration apps that perform a service and then stop, running apps for longer periods of time may not be as cost-effective on a serverless framework.
Vendor lock-in. Giving a cloud services provider responsibility for all underlying infrastructure can make it difficult to change providers when necessary.

What is serverless vs. IaaS, PaaS, and BaaS?

While a serverless framework has some similarities with other cloud services models, there are significant differences that make serverless more appropriate for certain situations.

Infrastructure as a service (IaaS). With IaaS offerings, organizations must make up-front, educated guesses about their future cloud resource needs, which can lead to overprovisioning, underutilization, and added costs. In contrast, capacity in serverless frameworks is consumed only when apps are launched, and the organization stops paying when the app is finished.
Platform as a service (PaaS). Like serverless frameworks, PaaS offerings provide access to application development tools without requiring developers to manage the back end. However, pricing for PaaS solutions is not as precise as serverless, and PaaS offerings may not scale as easily.
Backend as a service (BaaS). Like serverless frameworks, BaaS solutions enable developers to avoid managing servers and backend infrastructure by outsourcing these tasks to a cloud service provider. However, BaaS solutions may not automatically scale as serverless frameworks can. Also, since BaaS offerings are not event-driven like serverless solutions, they may consume more server resources, increasing costs.

Frequently Asked Questions (FAQ)

Serverless computing is a type of cloud computing model in which cloud services providers manage computing infrastructure like servers, storage, and networking, and provide access to organizations via the internet. Customers consume cloud resources on an on-demand, pay-as-you-use basis, and the cloud provider is responsible for maintaining, updating, and securing the service. However, as business needs and application requirements change, the customer is responsible for arranging for more capacity. In serverless computing, the cloud provider is responsible both for the cloud infrastructure as well as capacity planning to ensure the customer has enough capacity to scale apps as needed.

Serverless security is the set of practices, programs, and technologies that organizations deploy to protect serverless computing architecture. Serverless security requires a shift in the way organizations view application security and a fresh approach to controlling access and protecting data from:

Event data injection that delivers input without determining if the input is malicious
Excessive privileges that may be compromised by malicious actors
Misconfiguration that opens the IT environment to attacks
Broken authentication that lets attackers exploit weaknesses in authentication mechanisms to gain unauthorized access
Insecure code that introduces vulnerabilities hackers can exploit
A larger attack surface that makes it harder to gain visibility
Third-party dependencies that introduce risk to sensitive data or resources

Containers are lightweight, portable units of software that are packaged with required libraries and dependencies that allow the application to run anywhere, on any machine. As a streamlined way to build, test, and deploy applications on multiple environments, containers improve efficiency of DevOps efforts and provide greater consistency across IT ecosystems. Along with microservices, containers are an important part of cloud-native applications.

Why customers choose Akamai

Akamai powers and protects life online. Leading companies worldwide choose Akamai to build, deliver, and secure their digital experiences — helping billions of people live, work, and play every day. Akamai Connected Cloud, a massively distributed edge and cloud platform, puts apps and experiences closer to users and keeps threats farther away.

Learn More

Akamai Cloud Computing

Put applications and workloads close to your end users, no matter where they are in the world, with the world’s most distributed cloud platform.

Learn more

Cloud Computing at the Edge

We’re building a massively distributed cloud computing platform on top of our trusted and scaled network, shifting how developers and companies build and deploy applications across the continuum of computing from core to edge.

Learn more